DarktraceEmail

This pack includes configurations to combine the world-class threat detection of Darktrace with the synchrony and automation abilities of XSOAR, allowing security teams to investigate critical incidents along with accompanying summaries and timelines.

Network Security · Darktrace

Configuration parameters

  • url — Server URL (e.g. https://example.net) (required)
  • isFetch — Fetch incidents
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • incidentType — Incident type
  • publicApiKey — Public API Token (required)
  • privateApiKey — Private API Token (required)
  • min_score — Minimum Score (required)
  • max_fetch — Maximum Emails per Fetch
  • first_fetch — First fetch time
  • incidentFetchInterval — Incidents Fetch Interval
  • tag_severity — Darktrace Tag Severity
  • actioned — Only Actioned Emails
  • direction — Direction

Commands (3)

  • darktrace-email-get-email

    Fetch details about a specific Email.

  • darktrace-email-hold-email

    Apply "hold" action to a specified Email.

  • darktrace-email-release-email

    Apply "release" action to a specified Email.